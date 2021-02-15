The Central Bank warned financial and credit organizations about a new fraudulent scheme in which attackers steal money from the accounts of legal entities using a mobile application.

It is noted that fraudsters use a remote banking system (RBS) for their scheme, reports February 15 “Kommersant” with reference to the letter from the Central Bank of the Russian Federation.

Attackers have already tried to attack the accounts of legal entities, but the banks were able to stop their actions. It is noted that the fraudster was an authorized client of the bank and changed the sender’s account numbers.

The Central Bank warns that the hackers acted professionally. In particular, they are well versed in remote banking and payment processing.

“In view of the high probability of repetition of attempts by cybercriminals to implement such attack scenarios, we expect that the newsletter recipients will carry out additional control and appropriate checks of the RB systems used,” the Central Bank said in a letter.

The regulator recommended banks and software vendors to check the RBS for vulnerabilities. If found, additional checks on banking transactions should be provided.

Earlier in the day, the Bank of Russia announced that it plans to strengthen regulatory measures for the information security of financial ecosystems. Personal data can leak through non-banking ecosystem services, so their security, as well as the level of security of information transfer channels, should be the same as those of banks, said Alexey Voylukov, vice president of the Association of Banks of Russia.